我在政策评估期间出错。上面的策略是我在configtx.yml中定义的自定义策略这是其中的片段,其中定义了我的系统通道配置文件和应用程序通道配置文件(我仅包括相关部分)。
Organizations:
- &Org
Name: MyOrg
ID: MyOrg
MSPDir: crypto-config/organizations/org.com/msp
Policies: &OrgPolicy
System:
Type: Signature
Rule: "OR(' MyOrg.admin')"
Readers:
Type: Signature
Rule: "OR(' MyOrg.member')"
Writers:
Type: Signature
Rule: "OR(' MyOrg.member')"
Admins:
Type: Signature
Rule: "OR(' MyOrg.admin')"
AnchorPeers:
- Host: 127.0.0.1
Port: 7051
Application: &ApplicationDefaults
ACLs: &ACLsDefault
qscc/GetBlockByNumber: /Channel/Application/Admins
Policies: &ApplicationDefaultPolicies
System:
Type: ImplicitMeta
Rule: "ANY System"
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "MAJORITY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Orderer: &OrdererDefaults
....
Policies:
System:
Type: ImplicitMeta
Rule: "ANY Admins"
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ALL Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"Policies:
System:
Type: ImplicitMeta
Rule: "ANY Admins"
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ALL Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
....
Profiles:
ApplicationChannel:
Consortium: MyOrgConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *MyOrg
Capabilities:
<<: *ApplicationCapabilities
MyOrgSysChannelConfiguration:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *MyOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *MyOrg
Consortiums:
MyOrgConsortium:
Organizations:
- *MyOrg
我比生成我的工件:
bin/configtxgen -profile MyOrgSysChannelConfiguration -channelID sys-channel -outputBlock ./channel-artifacts/genesis.block
bin/configtxgen -profile ApplicationChannel -outputCreateChannelTx ./channel-artifacts/blockchain.tx -channelID application-channel
然后我可以检查我的创始块以及bin/configtxgen -inspectBlock输出的相关部分:
{
"data": {
"data": [
{
"payload": {
"data": {
"config": {
"channel_group": {
"groups": {
"Application": {
"groups": {
"MyOrg": {
"groups": {},
"policies": {
"Admins": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Readers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"System": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Writers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
}
},
"values": {
....
},
}
},
"policies": {
"Admins": {
"policy": {
"type": 3,
"value": {
"rule": "MAJORITY",
"sub_policy": "Admins"
}
},
},
"Readers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Readers"
}
},
},
"System": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "System"
}
},
},
"Writers": {
"policy": {
"type": 3,
"value": {
"rule": "MAJORITY",
"sub_policy": "Writers"
}
},
}
},
"values": {
"ACLs": {
"value": {
"acls": {
"qscc/GetBlockByNumber": {
"policy_ref": "/Channel/Application/System"
},
}
},
},
"Capabilities": {
...
}
},
},
"Consortiums": {
"groups": {
"MyOrgConsortium": {
"groups": {
"MyOrg": {
"groups": {},
"policies": {
"Admins": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Readers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"System": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Writers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
}
},
"values": {
....
},
}
},
....
}
},
"mod_policy": "/Channel/Orderer/Admins",
"policies": {
"Admins": {
"mod_policy": "/Channel/Orderer/Admins",
"policy": {
"type": 1,
"value": {
"identities": [],
"rule": {
"n_out_of": {
"n": 0,
"rules": []
}
},
"version": 0
}
},
}
},
"values": {},
},
"Orderer": {
"groups": {
"MyOrg": {
"groups": {},
"policies": {
"Admins": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Readers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"System": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Writers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
}
},
"values": {
...
},
}
},
"policies": {
"Admins": {
"policy": {
"type": 3,
"value": {
"rule": "ALL",
"sub_policy": "Admins"
}
},
},
"BlockValidation": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Writers"
}
},
},
"Readers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Readers"
}
},
},
"System": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Admins"
}
},
},
"Writers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Writers"
}
},
}
},
"values": {
"BatchSize": {
"value": {
"absolute_max_bytes": 10485760,
"max_message_count": 500,
"preferred_max_bytes": 2097152
},
},
"BatchTimeout": {
"value": {
"timeout": "2s"
},
},
"Capabilities": {
"value": {
"capabilities": {
"V1_4_2": {}
}
},
},
"ChannelRestrictions": {
"value": null,
},
"ConsensusType": {
...
}
},
}
},
"policies": {
...
},
"values": {
...
}
}
}
}
}
}
]
}
}
正如预期的那样,我定义的所有级别都包括我的自定义策略系统,该系统用于控制按编号获取资源的访问列表。您要注意的是,它是在MyOrg.policy的“应用程序”组下定义的。
因此,我准备部署我的系统通道并运行提交先前从我的configtx.yml生成的创建通道事务。
到目前为止一切顺利!
我现在正在为application-channel获取配置的最新版本,以下省略了不相关的部分:
{ "data": { "data": [ { "payload": { "data": { "config": { "channel_group": { "groups": { "Application": { "groups": { "MyOrg": { "groups": {}, "policies": { "Admins": { "policy": { "type": 1, "value": { "identities": [ { "principal": { "msp_identifier": "MyOrg", "role": "ADMIN" }, "principal_classification": "ROLE" } ], "rule": { "n_out_of": { "n": 1, "rules": [ { "signed_by": 0 } ] } }, "version": 0 } }, }, "Readers": { "policy": { "type": 1, "value": { "identities": [ { "principal": { "msp_identifier": "MyOrg", "role": "MEMBER" }, "principal_classification": "ROLE" } ], "rule": { "n_out_of": { "n": 1, "rules": [ { "signed_by": 0 } ] } }, "version": 0 } }, }, "Writers": { "policy": { "type": 1, "value": { "identities": [ { "principal": { "msp_identifier": "MyOrg", "role": "MEMBER" }, "principal_classification": "ROLE" } ], "rule": { "n_out_of": { "n": 1, "rules": [ { "signed_by": 0 } ] } }, "version": 0 } }, } <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< HERE! HERE! IT IS MISSING HERE! >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> }, "values": { ... }, "version": "1" } }, "policies": { "Admins": { "policy": { "type": 3, "value": { "rule": "MAJORITY", "sub_policy": "Admins" } }, }, "Readers": { "policy": { "type": 3, "value": { "rule": "ANY", "sub_policy": "Readers" } }, }, "System": { "policy": { "type": 3, "value": { "rule": "ANY", "sub_policy": "System" } }, }, "Writers": { "policy": { "type": 3, "value": { "rule": "MAJORITY", "sub_policy": "Writers" } }, } }, "values": { "ACLs": { ... }, "version": "1" }, "Orderer": { "groups": { "MyOrg": { "groups": {}, "policies": { "Admins": { "policy": { "type": 1, "value": { "identities": [ { "principal": { "msp_identifier": "MyOrg", "role": "ADMIN" }, "principal_classification": "ROLE" } ], "rule": { "n_out_of": { "n": 1, "rules": [ { "signed_by": 0 } ] } }, "version": 0 } }, }, "Readers": { "policy": { "type": 1, "value": { "identities": [ { "principal": { "msp_identifier": "MyOrg", "role": "MEMBER" }, "principal_classification": "ROLE" } ], "rule": { "n_out_of": { "n": 1, "rules": [ { "signed_by": 0 } ] } }, "version": 0 } }, }, "System": { "policy": { "type": 1, "value": { "identities": [ { "principal": { "msp_identifier": "MyOrg", "role": "ADMIN" }, "principal_classification": "ROLE" } ], "rule": { "n_out_of": { "n": 1, "rules": [ { "signed_by": 0 } ] } }, "version": 0 } }, }, "Writers": { "policy": { "type": 1, "value": { "identities": [ { "principal": { "msp_identifier": "MyOrg", "role": "MEMBER" }, "principal_classification": "ROLE" } ], "rule": { "n_out_of": { "n": 1, "rules": [ { "signed_by": 0 } ] } }, "version": 0 } }, } }, "values": { .... } }, "policies": { "Admins": { "policy": { "type": 3, "value": { "rule": "ALL", "sub_policy": "Admins" } }, }, "BlockValidation": { "policy": { "type": 3, "value": { "rule": "ANY", "sub_policy": "Writers" } }, }, "Readers": { "policy": { "type": 3, "value": { "rule": "ANY", "sub_policy": "Readers" } }, }, "System": { "policy": { "type": 3, "value": { "rule": "ANY", "sub_policy": "Admins" } }, }, "Writers": { "policy": { "type": 3, "value": { "rule": "ANY", "sub_policy": "Writers" } }, } }, "values": { ... }, } }, "policies": { "Admins": { "policy": { "type": 3, "value": { "rule": "ALL", "sub_policy": "Admins" } }, }, "Readers": { "policy": { "type": 3, "value": { "rule": "ANY", "sub_policy": "Readers" } }, }, "Writers": { "policy": { "type": 3, "value": { "rule": "ANY", "sub_policy": "Writers" } }, } }, "values": { ... }, }, "sequence": "2" }, "last_update": { "payload": { "data": { "config_update": { "channel_id": "application-channel", "isolated_data": {}, "read_set": { "groups": { "Application": { "groups": { "MyOrg": { "groups": {}, "mod_policy": "", "policies": { "Admins": { "mod_policy": "", "policy": null, }, "Readers": { "mod_policy": "", "policy": null, }, "Writers": { "mod_policy": "", "policy": null, } }, "values": { "MSP": { "mod_policy": "", "value": null, } }, } }, "policies": {}, "values": {}, "version": "1" } }, "mod_policy": "", "policies": {}, "values": {}, }, "write_set": { "groups": { "Application": { "groups": { "MyOrg": { "groups": {}, "policies": { "Admins": { "mod_policy": "", "policy": null, }, "Readers": { "mod_policy": "", "policy": null, }, "Writers": { "mod_policy": "", "policy": null, } }, "values": { ... } }, "policies": {}, "values": {}, "version": "1" } }, "mod_policy": "", "policies": {}, "values": {}, } }, "signatures": [ ... ] }, "header": { ... } }, } }, "header": { ... } }, } ] }, "header": { ... }, "metadata": { .... } }这对我来说没有意义。您可以注意到,在
Application.group.MyOrg.policy处未定义我的自定义策略。但是,在confitx.yml文件的通道定义中已包含MyOrg的所有其他级别中,都定义了它。类型签名策略未在Application级别定义的事实产生了无法认可GetBlockByNumber的事实,因为它首先被评估为在签名策略中无法解决的隐式元策略。
我在应用程序渠道定义中做错了吗?
感谢阅读。
我在政策评估期间出错。上面的策略是我在configtx.yml中定义的自定义策略,此处是我的系统通道配置文件和应用程序通道的代码段...
这里的所有内容似乎都应该正常工作,如果我不得不猜测,我会说订购系统通道是用configtx.yaml的较早版本进行引导的。定义了除Readers / Writers / Admin之外的其他策略,并已在频道创建中继承这些策略已经过测试(事实上,默认情况下,您会看到一些与v2.0中的新生命周期相关的新策略)。让我提供更多背景信息,以帮助您跟踪情况。